Debian LTS: DLA-2068-1: linux security update

    Date17 Jan 2020
    322
    Posted ByLinuxSecurity Advisories
    Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak.
    Package        : linux
    Version        : 3.16.81-1
    CVE ID         : CVE-2019-2215 CVE-2019-10220 CVE-2019-14895 CVE-2019-14896
                     CVE-2019-14897 CVE-2019-14901 CVE-2019-15098 CVE-2019-15217
                     CVE-2019-15291 CVE-2019-15505 CVE-2019-16746 CVE-2019-17052
                     CVE-2019-17053 CVE-2019-17054 CVE-2019-17055 CVE-2019-17056
                     CVE-2019-17133 CVE-2019-17666 CVE-2019-19051 CVE-2019-19052
                     CVE-2019-19056 CVE-2019-19057 CVE-2019-19062 CVE-2019-19066
                     CVE-2019-19227 CVE-2019-19332 CVE-2019-19523 CVE-2019-19524
                     CVE-2019-19527 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532
                     CVE-2019-19533 CVE-2019-19534 CVE-2019-19536 CVE-2019-19537
                     CVE-2019-19767 CVE-2019-19922 CVE-2019-19947 CVE-2019-19965
                     CVE-2019-19966
    
    Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service, or information
    leak.
    
    CVE-2019-2215
    
        The syzkaller tool discovered a use-after-free vulnerability in
        the Android binder driver.  A local user on a system with this
        driver enabled could use this to cause a denial of service (memory
        corruption or crash) or possibly for privilege escalation.
        However, this driver is not enabled on Debian packaged kernels.
    
    CVE-2019-10220
    
        Various developers and researchers found that if a crafted file-
        system or malicious file server presented a directory with
        filenames including a '/' character, this could confuse and
        possibly defeat security checks in applications that read the
        directory.
    
        The kernel will now return an error when reading such a directory,
        rather than passing the invalid filenames on to user-space.
    
    CVE-2019-14895, CVE-2019-14901
    
        ADLab of Venustech discovered potential heap buffer overflows in
        the mwifiex wifi driver.  On systems using this driver, a
        malicious Wireless Access Point or adhoc/P2P peer could use these
        to cause a denial of service (memory corruption or crash) or
        possibly for remote code execution.
    
    CVE-2019-14896, CVE-2019-14897
    
        ADLab of Venustech discovered potential heap and stack buffer
        overflows in the libertas wifi driver.  On systems using this
        driver, a malicious Wireless Access Point or adhoc/P2P peer could
        use these to cause a denial of service (memory corruption or
        crash) or possibly for remote code execution.
    
    CVE-2019-15098
    
        Hui Peng and Mathias Payer reported that the ath6kl wifi driver
        did not properly validate USB descriptors, which could lead to a
        null pointer derefernce.  An attacker able to add USB devices
        could use this to cause a denial of service (BUG/oops).
    
    CVE-2019-15217
    
        The syzkaller tool discovered that the zr364xx mdia driver did not
        correctly handle devices without a product name string, which
        could lead to a null pointer dereference.  An attacker able to add
        USB devices could use this to cause a denial of service
        (BUG/oops).
    
    CVE-2019-15291
    
        The syzkaller tool discovered that the b2c2-flexcop-usb media
        driver did not properly validate USB descriptors, which could lead
        to a null pointer dereference.  An attacker able to add USB
        devices could use this to cause a denial of service (BUG/oops).
    
    CVE-2019-15505
    
        The syzkaller tool discovered that the technisat-usb2 media driver
        did not properly validate incoming IR packets, which could lead to
        a heap buffer over-read.  An attacker able to add USB devices
        could use this to cause a denial of service (BUG/oops) or to read
        sensitive information from kernel memory.
    
    CVE-2019-16746
    
        It was discovered that the wifi stack did not validate the content
        of beacon heads provided by user-space for use on a wifi interface
        in Access Point mode, which could lead to a heap buffer overflow.
        A local user permitted to configure a wifi interface could use
        this to cause a denial of service (memory corruption or crash) or
        possibly for privilege escalation.
    
    CVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, 
    CVE-2019-17056
    
        Ori Nimron reported that various network protocol implementations
        - AX.25, IEEE 802.15.4, Appletalk, ISDN, and NFC - allowed all
        users to create raw sockets.  A local user could use this to send
        arbitrary packets on networks using those protocols.
    
    CVE-2019-17133
    
        Nicholas Waisman reported that the wifi stack did not valdiate
        received SSID information before copying it, which could lead to a
        buffer overflow if it is not validated by the driver or firmware.
        A malicious Wireless Access Point might be able to use this to
        cause a denial of service (memory corruption or crash) or for
        remote code execution.
    
    CVE-2019-17666
    
        Nicholas Waisman reported that the rtlwifi wifi drivers did not
        properly validate received P2P information, leading to a buffer
        overflow.  A malicious P2P peer could use this to cause a denial
        of service (memory corruption or crash) or for remote code
        execution.
    
    CVE-2019-19051
    
        Navid Emamdoost discovered a potential memory leak in the i2400m
        wimax driver if the software rfkill operation fails.  The security
        impact of this is unclear.
    
    CVE-2019-19052
    
        Navid Emamdoost discovered a potential memory leak in the gs_usb
        CAN driver if the open (interface-up) operation fails.  The
        security impact of this is unclear.
    
    CVE-2019-19056, CVE-2019-19057
    
        Navid Emamdoost discovered potential memory leaks in the mwifiex
        wifi driver if the probe operation fails.  The security impact of
        this is unclear.
    
    CVE-2019-19062
    
        Navid Emamdoost discovered a potential memory leak in the AF_ALG
        subsystem if the CRYPTO_MSG_GETALG operation fails.  A local user
        could possibly use this to cause a denial of service (memory
        exhaustion).
    
    CVE-2019-19066
    
        Navid Emamdoost discovered a potential memory leak in the bfa SCSI
        driver if the get_fc_host_stats operation fails.  The security
        impact of this is unclear.
    
    CVE-2019-19227
    
        Dan Carpenter reported missing error checks in the Appletalk
        protocol implementation that could lead to a null pointer
        dereference.  The security impact of this is unclear.
    
    CVE-2019-19332
    
        The syzkaller tool discovered a missing bounds check in the KVM
        implementation for x86, which could lead to a heap buffer overflow.
        A local user permitted to use KVM could use this to cause a denial
        of service (memory corruption or crash) or possibly for privilege
        escalation.
    
    CVE-2019-19523
    
        The syzkaller tool discovered a use-after-free bug in the adutux
        USB driver.  An attacker able to add and remove USB devices could
        use this to cause a denial of service (memory corruption or crash)
        or possibly for privilege escalation.
    
    CVE-2019-19524
    
        The syzkaller tool discovered a race condition in the ff-memless
        library used by input drivers.  An attacker able to add and remove
        USB devices could use this to cause a denial of service (memory
        corruption or crash) or possibly for privilege escalation.
    
    CVE-2019-19527
    
        The syzkaller tool discovered that the hiddev driver did not
        correctly handle races between a task opening the device and
        disconnection of the underlying hardware.  A local user permitted
        to access hiddev devices, and able to add and remove USB devices,
        could use this to cause a denial of service (memory corruption or
        crash) or possibly for privilege escalation.
    
    CVE-2019-19530
    
        The syzkaller tool discovered a potential use-after-free in the
        cdc-acm network driver.  An attacker able to add USB devices could
        use this to cause a denial of service (memory corruption or crash)
        or possibly for privilege escalation.
    
    CVE-2019-19531
    
        The syzkaller tool discovered a use-after-free bug in the yurex
        USB driver.  An attacker able to add and remove USB devices could
        use this to cause a denial of service (memory corruption or crash)
        or possibly for privilege escalation.
    
    CVE-2019-19532
    
        The syzkaller tool discovered a potential heap buffer overflow in
        the hid-gaff input driver, which was also found to exist in many
        other input drivers.  An attacker able to add USB devices could
        use this to cause a denial of service (memory corruption or crash)
        or possibly for privilege escalation.
    
    CVE-2019-19533
    
        The syzkaller tool discovered that the ttusb-dec media driver was
        missing initialisation of a structure, which could leak sensitive
        information from kernel memory.
    
    CVE-2019-19534, CVE-2019-19536
    
        The syzkaller tool discovered that the peak_usb CAN driver was
        missing initialisation of some structures, which could leak
        sensitive information from kernel memory.
    
    CVE-2019-19537
    
        The syzkaller tool discovered race conditions in the USB stack,
        involving character device registration.  An attacker able to add
        USB devices could use this to cause a denial of service (memory
        corruption or crash) or possibly for privilege escalation.
    
    CVE-2019-19767
    
        The syzkaller tool discovered that crafted ext4 volumes could
        trigger a buffer overflow in the ext4 filesystem driver.  An
        attacker able to mount such a volume could use this to cause a
        denial of service (memory corruption or crash) or possibly for
        privilege escalation.
    
    CVE-2019-19922
    
        It was discovered that a change in Linux 3.16.61, "sched/fair: Fix
        bandwidth timer clock drift condition", could lead to tasks being
        throttled before using their full quota of CPU time.  A local
        user could use this bug to slow down other users' tasks.  This
        change has been reverted.
    
    CVE-2019-19947
    
        It was discovered that the kvaser_usb CAN driver was missing
        initialisation of some structures, which could leak sensitive
        information from kernel memory.
    
    CVE-2019-19965
    
        Gao Chuan reported a race condition in the libsas library used by
        SCSI host drivers, which could lead to a null pointer dereference.
        An attacker able to add and remove SCSI devices could use this to
        cause a denial of service (BUG/oops).
    
    CVE-2019-19966
    
        The syzkaller tool discovered a missing error check in the cpia2
        media driver, which could lead to a use-after-free.  An attacker
        able to add USB devices could use this to cause a denial of
        service (memory corruption or crash) or possibly for privilege
        escalation.
    
    For Debian 8 "Jessie", these problems have been fixed in version
    3.16.81-1.
    
    We recommend that you upgrade your linux packages.
    
    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS
    
    -- 
    Ben Hutchings - Debian developer, member of kernel, installer and LTS teams
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/25-what-do-you-think-of-the-linuxsecurity-privacy-news-articles?task=poll.vote&format=json
    25
    radio
    [{"id":"90","title":"Love them!","votes":"35","type":"x","order":"1","pct":92.11,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"2","type":"x","order":"2","pct":5.26,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"1","type":"x","order":"3","pct":2.63,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.